{"id":7266,"date":"2023-08-31T00:12:07","date_gmt":"2023-08-31T00:12:07","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=7266"},"modified":"2023-08-31T00:12:09","modified_gmt":"2023-08-31T00:12:09","slug":"azure-advanced-threat-protection-sensor-not-starting","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/azure-advanced-threat-protection-sensor-not-starting","title":{"rendered":"Azure Advanced Threat Protection Sensor not starting"},"content":{"rendered":"\n

C:\\Program Files\\Azure Advanced Threat Protection Sensor\\2.213.17065.12431\\Logs\\Microsoft.Tri.Sensor-Errors.log<\/p>\n\n\n\n

C:\\Program Files\\Azure Advanced Threat Protection Sensor\\2.213.17065.12431\\Logs\\Microsoft.Tri.Sensor.log<\/p>\n\n\n\n

<\/p>\n\n\n\n

I had to add the GroupManagedServiceAccount to the LogOnAsService to the Domain Controller<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

<\/p>\n\n\n\n

<\/p>\n\n\n\n

2023-08-30 23:32:58.0542 Info RemoteImpersonationManager CreateImpersonatorInternalAsync started [UserName=ATPSensor Domain= IsGroupManagedServiceAccount=True]
2023-08-30 23:32:58.1172 Info RemoteImpersonationManager GetGroupManagedServiceAccountTokenAsync finished [UserName=ATPSensor Domain=.local IsSuccess=False]
2023-08-30 23:32:58.1172 Info RemoteImpersonationManager CreateImpersonatorInternalAsync finished [UserName=ATPSensor Domain=.local]
2023-08-30 23:32:58.1235 Warn DirectoryServicesClient CreateLdapConnectionAsync failed to retrieve group managed service account password. [DomainControllerDnsName=-DC-01..local Domain=.local UserName=ATPSensor ]
2023-08-30 23:32:58.3092 Error DirectoryServicesClient+d__47 Microsoft.Tri.Infrastructure.ExtendedException: CreateLdapConnectionAsync failed [DomainControllerDnsName=-DC-01..local]
at async Task Microsoft.Tri.Sensor.DirectoryServicesClient.CreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)
at async Task Microsoft.Tri.Sensor.DirectoryServicesClient.TryCreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)
2023-08-30 23:32:58.3442 Error DirectoryServicesClient Microsoft.Tri.Infrastructure.ExtendedException: Failed to communicate with configured domain controllers [ _domainControllerConnectionDatas=-DC-01..local]
at new Microsoft.Tri.Sensor.DirectoryServicesClient(IConfigurationManager configurationManager, IDirectoryServicesDomainNetworkCredentialsManager domainNetworkCredentialsManager, IDomainTrustMappingManager domainTrustMappingManager, IRemoteImpersonationManager remoteImpersonationManager, IMetricManager metricManager, IWorkspaceApplicationSensorApiJsonProxy workspaceApplicationSensorApiJsonProxy)
at object lambda_method(Closure, object[])<\/p>\n","protected":false},"excerpt":{"rendered":"

C:\\Program Files\\Azure Advanced Threat Protection Sensor\\2.213.17065.12431\\Logs\\Microsoft.Tri.Sensor-Errors.log C:\\Program Files\\Azure Advanced Threat Protection Sensor\\2.213.17065.12431\\Logs\\Microsoft.Tri.Sensor.log I had to add the GroupManagedServiceAccount to the LogOnAsService to the Domain Controller 2023-08-30 23:32:58.0542 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-7266","post","type-post","status-publish","format-standard","hentry","category-research"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t